diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-01-27 16:53:34 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2023-01-27 16:53:34 +0300 |
commit | 1d58eff782795baae12da9352a6240d38f663942 (patch) | |
tree | 333438662a2e7b7854d1925feda438500030f2ad | |
parent | b1841c6d79f62066335ad4d44efa21f3c5f77c03 (diff) |
Makefile: Upgrade libgit2 to v1.5.1
The libgit2 project has published a security release for CVE-2023-22742.
This vulnerability allows for man-in-the-middle attacks because by
default, libgit2 would not verify SSH keys of the remote server when
connecting to it.
Gitaly is not impacted by this CVE given that we never use libgit2 to
connect to a remote server. But let's upgrade anyway in case anybody
wonders.
-rw-r--r-- | Makefile | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -182,7 +182,7 @@ endif # https://github.com/libgit2/git2go/#which-go-version-to-use for a # compatibility matrix. GIT2GO_VERSION ?= v34 -LIBGIT2_VERSION ?= v1.5.0 +LIBGIT2_VERSION ?= v1.5.1 LIBGIT2_REPO_URL ?= https://gitlab.com/libgit2/libgit2 LIBGIT2_SOURCE_DIR ?= ${DEPENDENCY_DIR}/libgit2/source LIBGIT2_BUILD_DIR ?= ${DEPENDENCY_DIR}/libgit2/build |